Feds disrupt hundreds of COVID-19 scammer domains

By Derek B. Johnson

Apr 22, 2020

The Department of Justice announced April 22 that it has taken action to disrupt "hundreds" of internet domains that the government claims were participating in coronavirus-related scams to defraud Americans.

According to the announcement, the FBI's Internet Crime Complaint Center has received more than 3.600 complaints about websites peddling fake vaccines or cures, soliciting donations for fake charities, falsely representing themselves as public health organizations or exploiting concern over the virus to trick users into downloading malware.

It's not stated how many of the websites directly targeted U.S. audiences or users, but DOJ said some of the domains represented themselves as U.S. government agencies or public health organizations like the American Red Cross. Federal agencies have been working with domain providers and registrars for weeks to identify and shut the domains down and law enforcement organizations are "actively reviewing leads" from industry and using new tools created by private cybersecurity researchers to identify fresh domains.

Other agencies and organizations involved in the effort include the U.S. Secret Service, the U.S. Postal Inspection Service and the Food and Drug Administration.

Such scams also targeted some of the benefits and stimulus programs created by Congress to respond to the virus. For instance, the FBI and other federal agencies identified multiple domains that were designed to mimic the IRS website for processing Economic Impact Payments.

As FCW reported last week, the government's emphasis on speedily dispersing checks to economically distressed American workers caused the agency to rely on self-certification and personally identifiable information like Social Security numbers and birth dates to process taxpayer benefits. Such information has been largely available on the Internet for years due to numerous public and private sector hacks and identity theft groups have been concerned about the potential for widespread fraud.

Earlier this month, the IRS issued a warning to taxpayers that it was seeing a surge of calls and email phishing attempts related to the outbreak. A Treasury Inspector General's office set up a dedicated web page just to process tips and complaints about virus-related scams targeting the taxpayers and the IRS.

"Identity thieves view the pandemic as a chance to exploit tax professionals as well as taxpayers," said IRS Commissioner Chuck Rettig in an April 14 statement. "They are using every trick of their criminal trade to con people as well as steal valuable personal and financial information to help enable tax-related identity theft. In many ways, tax pros are one of the first lines of defense. We urge the entire tax community to take additional steps and protect their sensitive data."

The takedowns are another data point underscoring how the COVID-19 outbreak has become a clearinghouse for widespread fraud, disinformation and cyberattacks.

The Cybersecurity and Infrastructure Security Agency has been warning about a coming onslaught of Coronavirus related fraud since early March. Organizations like the National Cybersecurity Alliance have warned about COVID-related online scams targeting small business owners while companies like NordVPN, Tessian, FireEye, CrowdStrike and others have tracked phishing schemes targeting U.S. stimulus legislation and disinformation campaigns designed to sow confusion among the American populace.

The same day DOJ announced the takedowns, Google's Threat Analysis Group said it has detected 18 million malware and phishing emails sent through its Gmail platform, 240 million daily spam messages and a dozen government-backed Advanced Persistent Threat Groups leveraging public interest in the virus to conduct cyberattacks.

On an April 22 webinar hosted by Palo Alto Networks, President Amit Singh said ransomware attacks, phishing and other attempts at compromise across the world are "dramatically up" compared to pre-virus baselines.

About the Author

Derek B. Johnson is a senior staff writer at FCW, covering governmentwide IT policy, cybersecurity and a range of other federal technology issues.

Prior to joining FCW, Johnson was a freelance technology journalist. His work has appeared in The Washington Post, GoodCall News, Foreign Policy Journal, Washington Technology, Elevation DC, Connection Newspapers and The Maryland Gazette.

Johnson has a Bachelor's degree in journalism from Hofstra University and a Master's degree in public policy from George Mason University. He can be contacted at [email protected], or follow him on Twitter @derekdoestech.